Kerry Osborne Senior Oracle Guy


Kerry Osborne Senior Oracle Guy - PowerPoint PPT Presentation


Presentation Transcript
Kerry Osborne

Senior Oracle Guy

Caveats
  • The opinions expressed are mine …
  • I’m an old guy
  • I am biased towards Oracle technology
  • I have not drunk too much of the Kool-Aid
Why Identity Management?

My Totally Unscientific Survey

  • ~40 companies
  • ~90% public
  • ~40% over $1B

~95% are interested in Identity Management

Why Identity Management?
  • Users are frustrated
  • SOX is Scary
  • Need to Reduce Costs
  • It’s Complicated
Why Oracle Identity Management?

[Diagram: OID, Oracle Database, Oracle Identity Management]

Oracle Internet Directory (OID)
  • v3 compliant LDAP server
  • Built on Oracle Database
    • Scalable
    • Performant
    • Highly Available
Speaking of eggs
  • Is it better to have all your eggs in one basket, or not?
Squirrel and Fort Knox
  • Squirrel’s Approach
    • He puts nuts in lots of places.
    • They are totally insecure. Therefore, he needs lots of holes.
    • He has lots of nuts. Therefore, he doesn’t care if he loses some.
  • Fort Knox Approach
    • Put all the gold bullion in one place and lock it down.
    • Can’t afford to lose any.
    • Not enough manpower to guard many locations.
Back to the Future

Traditional Database Systems

  • Usually authenticated by the database
  • Yielded lots of silos
  • Usually not directly associated with a person
Two Common Security Models
  • Every user has his own database account
    • Full access to base tables must be granted
    • Access to ad-hoc tools must be limited
    • Can make use of advanced Oracle features

OR

  • Users log on to a proxy account
    • Better approach generally (see caveat 1.0)
    • Not necessary for user to know the actual account
    • Easier to convert to centralized authentication
Case Study #1

Document Management / Workflow Application

Problem:

  • Build a document management system capable of handling millions of documents from paper to searchable XML database.
  • The application should support multiple groupings of users with multiple responsibilities.
  • Provide a very flexible routing/approval infrastructure.
Case Study #1

Architecture:

  • Oracle Database using Oracle Text
  • Java application to access the final database
  • Oracle Forms
  • Oracle Workflow
Case Study #1

Solution:

  • Use the proxy security model, whereby all users log on to a common database account.
    • Use OID for authentication
    • Create a table of users
    • Synchronize application users table with OID via triggers
    • No need for password field in users table
    • Create view of users table for Workflow
Case Study #1

[Architecture diagram. Labels: Forms, App, OID/SSO (Authentication), Workflow, Workflow_users_view, Database Trigger, App_users (Username, Email), Workflow_users (Username, Email)]
Case Study #2

Consolidation of Security Models / Authentication

Problem:

  • Numerous custom Oracle-based applications, each with its own security components, make compliance with government regulations difficult.

Architecture:

  • Numerous applications all accessing Oracle.
  • Each application uses individual database account security model.
  • The applications use database roles for security.
  • The client uses Oracle’s Internal Controls Management product.
  • The client plans to implement Oracle Financials.
Case Study #2

Solution:

  • Convert custom applications to “Bolt On” applications in Oracle Financials.
    • Provides a common security model
    • Provides auditing capability
    • Provides a common user interface
    • Provides out of the box integration with OID/SSO
Case Study #2

[Architecture diagram. Labels: OID/SSO; XX1 (Users, Roles, Menus); XX2 (Users, Roles, Menus); Fin Apps; Apps (GL, AP, XX1, XX2); Users (GL_User1, AP_User1, XX1_User1, XX1_User2); Responsibilities (AP Clerk, AP Super User, XX1 Clerk, XX1 Super User)]
Case Study #3

Active Directory Sync / .Net Application

Problem:

  • The users wish to have centralized authentication
    • This will provide users with access to the application, whether they are defined in AD, OID or the application.

Architecture:

  • .Net application
    • The application uses the Proxy Security Model with an internal table of application users.
Case Study #3

Solution:

  • Use OID as the central repository
  • Synchronize OID with AD and the Internal Users Table
  • AD sync accomplished with DIP on timed basis
  • Database users table sync is bi-directional
    • To OID via database triggers
    • From OID with timed job using function based view (ldap search)
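
One way to write the "to OID via database triggers" step used in Case Studies #1 and #3, as an added example that is not code from the presentation. It uses Oracle's supplied DBMS_LDAP package; the table APP_USERS(username, email), the directory container, host name, wallet path, service account and object class are all hypothetical placeholders.

```sql
-- Added example; every name, DN, host and path here is an assumed placeholder.
CREATE OR REPLACE PROCEDURE oid_push_user(p_op VARCHAR2, p_username VARCHAR2, p_email VARCHAR2) IS
  l_sess DBMS_LDAP.session;
  l_mods DBMS_LDAP.mod_array;
  l_vals DBMS_LDAP.string_collection;
  l_rc   PLS_INTEGER;
  l_dn   VARCHAR2(200);
  PROCEDURE put(p_modop PLS_INTEGER, p_attr VARCHAR2, p_val VARCHAR2) IS
  BEGIN
    l_vals(1) := p_val;
    DBMS_LDAP.populate_mod_array(l_mods, p_modop, p_attr, l_vals);
  END;
BEGIN
  -- Allowlist the name before it becomes part of a DN (no DN metacharacters).
  IF NOT REGEXP_LIKE(p_username, '^[A-Za-z0-9._-]{1,64}$') THEN
    RAISE_APPLICATION_ERROR(-20001, 'username not valid for directory sync');
  END IF;
  l_dn := 'cn=' || p_username || ',cn=Users,dc=example,dc=com';
  DBMS_LDAP.use_exception := TRUE;  -- LDAP errors raise and fail the DML
  l_sess := DBMS_LDAP.init('oid.example.com', 636);
  -- One-way TLS (mode 2) keeps the bind password off the wire in clear text.
  l_rc := DBMS_LDAP.open_ssl(l_sess, 'file:/path/to/wallet', '<wallet-password>', 2);
  l_rc := DBMS_LDAP.simple_bind_s(l_sess, 'cn=appsync,cn=Users,dc=example,dc=com', '<bind-password>');
  IF p_op = 'DELETE' THEN
    l_rc := DBMS_LDAP.delete_s(l_sess, l_dn);
  ELSE
    l_mods := DBMS_LDAP.create_mod_array(4);
    IF p_op = 'INSERT' THEN
      put(DBMS_LDAP.MOD_ADD, 'objectclass', 'inetOrgPerson');  -- assumed class
      put(DBMS_LDAP.MOD_ADD, 'cn', p_username);
      put(DBMS_LDAP.MOD_ADD, 'sn', p_username);
      put(DBMS_LDAP.MOD_ADD, 'mail', p_email);  -- note: no password attribute
      l_rc := DBMS_LDAP.add_s(l_sess, l_dn, l_mods);
    ELSE
      put(DBMS_LDAP.MOD_REPLACE, 'mail', p_email);
      l_rc := DBMS_LDAP.modify_s(l_sess, l_dn, l_mods);
    END IF;
    DBMS_LDAP.free_mod_array(l_mods);
  END IF;
  l_rc := DBMS_LDAP.unbind_s(l_sess);
END;
/
CREATE OR REPLACE TRIGGER app_users_to_oid
AFTER INSERT OR UPDATE OF email OR DELETE ON app_users FOR EACH ROW
BEGIN
  oid_push_user(CASE WHEN DELETING THEN 'DELETE' WHEN INSERTING THEN 'INSERT'
                ELSE 'UPDATE' END, NVL(:NEW.username, :OLD.username), :NEW.email);
END;
/
```

The LDAP write is not part of the database transaction, so a rolled-back insert leaves an entry behind in the directory. The timed job in the other direction is where such drift gets reconciled.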
Case Study #3

[Architecture diagram. Labels: .net application, IIS, Oracle Database, AD, Oracle SSO Plug In, App_users, via trigger, OID/SSO, timed event, Sync, Ldap$users]